cpe:/a:php:pear:0.2.2 cpe:/a:php:pear:0.9 cpe:/a:php:pear:0.10 cpe:/a:php:pear:0.11 cpe:/a:php:pear:0.90 cpe:/a:php:pear:1.0 cpe:/a:php:pear:1.0.1 cpe:/a:php:pear:1.0b1 cpe:/a:php:pear:1.0b2 cpe:/a:php:pear:1.0b3 cpe:/a:php:pear:1.1 cpe:/a:php:pear:1.2 cpe:/a:php:pear:1.2.1 cpe:/a:php:pear:1.2b1 cpe:/a:php:pear:1.2b2 cpe:/a:php:pear:1.2b3 cpe:/a:php:pear:1.2b4 cpe:/a:php:pear:1.2b5 cpe:/a:php:pear:1.3 cpe:/a:php:pear:1.3.1 cpe:/a:php:pear:1.3.3 cpe:/a:php:pear:1.3.3.1 cpe:/a:php:pear:1.3.4 cpe:/a:php:pear:1.3.5 cpe:/a:php:pear:1.3.6 cpe:/a:php:pear:1.3b1 cpe:/a:php:pear:1.3b2 cpe:/a:php:pear:1.3b3 cpe:/a:php:pear:1.3b5 cpe:/a:php:pear:1.3b6 cpe:/a:php:pear:1.4.0 cpe:/a:php:pear:1.4.0:rc1 cpe:/a:php:pear:1.4.0:rc2 cpe:/a:php:pear:1.4.0a1 cpe:/a:php:pear:1.4.0a2 cpe:/a:php:pear:1.4.0a3 cpe:/a:php:pear:1.4.0a4 cpe:/a:php:pear:1.4.0a5 cpe:/a:php:pear:1.4.0a6 cpe:/a:php:pear:1.4.0a7 cpe:/a:php:pear:1.4.0a8 cpe:/a:php:pear:1.4.0a9 cpe:/a:php:pear:1.4.0a10 cpe:/a:php:pear:1.4.0a11 cpe:/a:php:pear:1.4.0a12 cpe:/a:php:pear:1.4.1 cpe:/a:php:pear:1.4.2 cpe:/a:php:pear:1.5.0 cpe:/a:php:pear:1.5.1 cpe:/a:php:pear:1.6.1 cpe:/a:php:pear:1.9.1 cpe:/a:php:pear:1.9.2 CVE-2011-1144 2011-03-02T20:00:01.677-05:00 2017-08-16T21:33:54.870-04:00 3.3 LOCAL MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2011-03-03T09:27:00.000-05:00 MLIST [oss-security] 20110228 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack MLIST [oss-security] 20110301 Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack MISC http://pear.php.net/bugs/bug.php?id=18056 XF pear-package-symlink(65911) The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1072.